X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fapps.c;h=c66b89cff4a7f7c57bce0ff593cca58c5e295a49;hp=43a51f63aed7f9b36a9d0ad3e6565dcd36972cda;hb=b5c4209be9162d4ceafb9aef833ca94ffa1cc5c9;hpb=1cd5cc368f9c907b2d184b4643ddcac2a156f628 diff --git a/apps/apps.c b/apps/apps.c index 43a51f63ae..c66b89cff4 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1,111 +1,10 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) @@ -115,6 +14,7 @@ */ # define _POSIX_C_SOURCE 2 #endif + #include #include #include @@ -141,11 +41,8 @@ # include #endif #include -#ifndef OPENSSL_NO_JPAKE -# include -#endif #include - +#include "s_apps.h" #include "apps.h" #ifdef _WIN32 @@ -159,7 +56,9 @@ typedef struct { unsigned long mask; } NAME_EX_TBL; +#if !defined(OPENSSL_NO_UI) || !defined(OPENSSL_NO_ENGINE) static UI_METHOD *ui_method = NULL; +#endif static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); @@ -177,24 +76,23 @@ int chopup_args(ARGS *arg, char *buf) if (arg->size == 0) { arg->size = 20; arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); - if (arg->argv == NULL) - return 0; } for (p = buf;;) { /* Skip whitespace. */ - while (*p && isspace(*p)) + while (*p && isspace(_UC(*p))) p++; if (!*p) break; /* The start of something good :-) */ if (arg->argc >= arg->size) { + char **tmp; arg->size += 20; - arg->argv = OPENSSL_realloc(arg->argv, - sizeof(*arg->argv) * arg->size); - if (arg->argv == NULL) + tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size); + if (tmp == NULL) return 0; + arg->argv = tmp; } quoted = *p == '\'' || *p == '"'; if (quoted) @@ -207,7 +105,7 @@ int chopup_args(ARGS *arg, char *buf) p++; *p++ = '\0'; } else { - while (*p && !isspace(*p)) + while (*p && !isspace(_UC(*p))) p++; if (*p) *p++ = '\0'; @@ -238,24 +136,48 @@ int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, return SSL_CTX_load_verify_locations(ctx, CAfile, CApath); } -int dump_cert_text(BIO *out, X509 *x) +#ifndef OPENSSL_NO_CT + +int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path) { - char *p; + if (path == NULL) { + return SSL_CTX_set_default_ctlog_list_file(ctx); + } + + return SSL_CTX_set_ctlog_list_file(ctx, path); +} + +#endif + +static unsigned long nmflag = 0; +static char nmflag_set = 0; + +int set_nameopt(const char *arg) +{ + int ret = set_name_ex(&nmflag, arg); - p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0); - BIO_puts(out, "subject="); - BIO_puts(out, p); - OPENSSL_free(p); + if (ret) + nmflag_set = 1; - p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0); - BIO_puts(out, "\nissuer="); - BIO_puts(out, p); + return ret; +} + +unsigned long get_nameopt(void) +{ + return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; +} + +int dump_cert_text(BIO *out, X509 *x) +{ + print_name(out, "subject=", X509_get_subject_name(x), get_nameopt()); + BIO_puts(out, "\n"); + print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt()); BIO_puts(out, "\n"); - OPENSSL_free(p); return 0; } +#ifndef OPENSSL_NO_UI static int ui_open(UI *ui) { return UI_method_get_opener(UI_OpenSSL())(ui); @@ -276,7 +198,11 @@ static int ui_read(UI *ui, UI_STRING *uis) return 1; } } - default: + break; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: break; } } @@ -296,7 +222,11 @@ static int ui_write(UI *ui, UI_STRING *uis) if (password && password[0] != '\0') return 1; } - default: + break; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: break; } } @@ -326,36 +256,38 @@ void destroy_ui_method(void) } } +const UI_METHOD *get_ui_method(void) +{ + return ui_method; +} +#endif + int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) { - UI *ui = NULL; int res = 0; - const char *prompt_info = NULL; - const char *password = NULL; +#ifndef OPENSSL_NO_UI + UI *ui = NULL; +#endif PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp; - if (cb_data) { - if (cb_data->password) - password = cb_data->password; - if (cb_data->prompt_info) - prompt_info = cb_data->prompt_info; - } - - if (password) { - res = strlen(password); +#ifdef OPENSSL_NO_UI + if (cb_data != NULL && cb_data->password != NULL) { + res = strlen(cb_data->password); if (res > bufsiz) res = bufsiz; - memcpy(buf, password, res); - return res; + memcpy(buf, cb_data->password, res); } - +#else ui = UI_new_method(ui_method); if (ui) { int ok = 0; char *buff = NULL; int ui_flags = 0; + const char *prompt_info = NULL; char *prompt; + if (cb_data != NULL && cb_data->prompt_info != NULL) + prompt_info = cb_data->prompt_info; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); @@ -366,6 +298,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); + /* We know that there is no previous user data to return to us */ + (void)UI_add_user_data(ui, cb_data); + if (ok >= 0) ok = UI_add_input_string(ui, prompt, ui_flags, buf, PW_MIN_LENGTH, bufsiz - 1); @@ -398,12 +333,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) UI_free(ui); OPENSSL_free(prompt); } +#endif return res; } -static char *app_get_pass(char *arg, int keepbio); +static char *app_get_pass(const char *arg, int keepbio); -int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2) +int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) { int same; if (!arg2 || !arg1 || strcmp(arg1, arg2)) @@ -425,7 +361,7 @@ int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2) return 1; } -static char *app_get_pass(char *arg, int keepbio) +static char *app_get_pass(const char *arg, int keepbio) { char *tmp, tpass[APP_PASS_LEN]; static BIO *pwdbio = NULL; @@ -550,9 +486,9 @@ int app_load_modules(const CONF *config) CONF *to_free = NULL; if (config == NULL) - config = to_free = app_load_config_quiet(default_config_file); + config = to_free = app_load_config_quiet(default_config_file); if (config == NULL) - return 1; + return 1; if (CONF_modules_load(config, NULL, 0) <= 0) { BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); @@ -630,7 +566,8 @@ static int load_pkcs12(BIO *in, const char *desc, return ret; } -int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) +#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK) +static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) { char *host = NULL, *port = NULL, *path = NULL; BIO *bio = NULL; @@ -676,15 +613,17 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) } return rv; } +#endif -X509 *load_cert(const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip) +X509 *load_cert(const char *file, int format, const char *cert_descrip) { X509 *x = NULL; BIO *cert; if (format == FORMAT_HTTP) { +#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK) load_cert_crl_http(file, &x, NULL); +#endif return x; } @@ -723,7 +662,9 @@ X509_CRL *load_crl(const char *infile, int format) BIO *in = NULL; if (format == FORMAT_HTTP) { +#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK) load_cert_crl_http(infile, NULL, &x); +#endif return x; } @@ -763,20 +704,25 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "no keyfile specified\n"); goto end; } -#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { - if (!e) + if (e == NULL) BIO_printf(bio_err, "no engine specified\n"); else { - pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); - if (!pkey) { +#ifndef OPENSSL_NO_ENGINE + if (ENGINE_init(e)) { + pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); + ENGINE_finish(e); + } + if (pkey == NULL) { BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip); ERR_print_errors(bio_err); } +#else + BIO_printf(bio_err, "engines not supported\n"); +#endif } goto end; } -#endif if (file == NULL && maybe_stdin) { unbuffer(stdin); key = dup_bio_in(format); @@ -831,15 +777,22 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "no keyfile specified\n"); goto end; } -#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { - if (!e) + if (e == NULL) BIO_printf(bio_err, "no engine specified\n"); - else + else { +#ifndef OPENSSL_NO_ENGINE pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data); + if (pkey == NULL) { + BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip); + ERR_print_errors(bio_err); + } +#else + BIO_printf(bio_err, "engines not supported\n"); +#endif + } goto end; } -#endif if (file == NULL && maybe_stdin) { unbuffer(stdin); key = dup_bio_in(format); @@ -850,8 +803,8 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, if (format == FORMAT_ASN1) { pkey = d2i_PUBKEY_bio(key, NULL); } -#ifndef OPENSSL_NO_RSA else if (format == FORMAT_ASN1RSA) { +#ifndef OPENSSL_NO_RSA RSA *rsa; rsa = d2i_RSAPublicKey_bio(key, NULL); if (rsa) { @@ -860,8 +813,12 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else +#else + BIO_printf(bio_err, "RSA keys not supported\n"); +#endif pkey = NULL; } else if (format == FORMAT_PEMRSA) { +#ifndef OPENSSL_NO_RSA RSA *rsa; rsa = PEM_read_bio_RSAPublicKey(key, NULL, (pem_password_cb *)password_callback, @@ -872,9 +829,11 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else +#else + BIO_printf(bio_err, "RSA keys not supported\n"); +#endif pkey = NULL; } -#endif else if (format == FORMAT_PEM) { pkey = PEM_read_bio_PUBKEY(key, NULL, (pem_password_cb *)password_callback, @@ -892,7 +851,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, } static int load_certs_crls(const char *file, int format, - const char *pass, ENGINE *e, const char *desc, + const char *pass, const char *desc, STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls) { @@ -921,13 +880,13 @@ static int load_certs_crls(const char *file, int format, BIO_free(bio); - if (pcerts) { + if (pcerts && *pcerts == NULL) { *pcerts = sk_X509_new_null(); if (!*pcerts) goto end; } - if (pcrls) { + if (pcrls && *pcrls == NULL) { *pcrls = sk_X509_CRL_new_null(); if (!*pcrls) goto end; @@ -986,24 +945,22 @@ void* app_malloc(int sz, const char *what) return vp; } - - -STACK_OF(X509) *load_certs(const char *file, int format, - const char *pass, ENGINE *e, const char *desc) +/* + * Initialize or extend, if *certs != NULL, a certificate stack. + */ +int load_certs(const char *file, STACK_OF(X509) **certs, int format, + const char *pass, const char *desc) { - STACK_OF(X509) *certs; - if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL)) - return NULL; - return certs; + return load_certs_crls(file, format, pass, desc, certs, NULL); } -STACK_OF(X509_CRL) *load_crls(const char *file, int format, - const char *pass, ENGINE *e, const char *desc) +/* + * Initialize or extend, if *crls != NULL, a certificate stack. + */ +int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, + const char *pass, const char *desc) { - STACK_OF(X509_CRL) *crls; - if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls)) - return NULL; - return crls; + return load_certs_crls(file, format, pass, desc, NULL, crls); } #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) @@ -1049,6 +1006,7 @@ int set_name_ex(unsigned long *flags, const char *arg) { static const NAME_EX_TBL ex_tbl[] = { {"esc_2253", ASN1_STRFLGS_ESC_2253, 0}, + {"esc_2254", ASN1_STRFLGS_ESC_2254, 0}, {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0}, @@ -1210,7 +1168,7 @@ void print_name(BIO *out, const char *title, X509_NAME *nm, } } -void print_bignum_var(BIO *out, BIGNUM *in, const char *var, +void print_bignum_var(BIO *out, const BIGNUM *in, const char *var, int len, unsigned char *buffer) { BIO_printf(out, " static unsigned char %s_%d[] = {", var, len); @@ -1247,7 +1205,7 @@ void print_array(BIO *out, const char* title, int len, const unsigned char* d) BIO_printf(out, "\n};\n"); } -X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) +X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath) { X509_STORE *store = X509_STORE_new(); X509_LOOKUP *lookup; @@ -1255,7 +1213,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) if (store == NULL) goto end; - if(CAfile != NULL || !noCAfile) { + if (CAfile != NULL || !noCAfile) { lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto end; @@ -1268,7 +1226,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); } - if(CApath != NULL || !noCApath) { + if (CApath != NULL || !noCApath) { lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (lookup == NULL) goto end; @@ -1290,7 +1248,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) #ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ -static ENGINE *try_load_engine(const char *engine, int debug) +static ENGINE *try_load_engine(const char *engine) { ENGINE *e = ENGINE_by_id("dynamic"); if (e) { @@ -1302,11 +1260,13 @@ static ENGINE *try_load_engine(const char *engine, int debug) } return e; } +#endif ENGINE *setup_engine(const char *engine, int debug) { ENGINE *e = NULL; +#ifndef OPENSSL_NO_ENGINE if (engine) { if (strcmp(engine, "auto") == 0) { BIO_printf(bio_err, "enabling auto ENGINE support\n"); @@ -1314,7 +1274,7 @@ ENGINE *setup_engine(const char *engine, int debug) return NULL; } if ((e = ENGINE_by_id(engine)) == NULL - && (e = try_load_engine(engine, debug)) == NULL) { + && (e = try_load_engine(engine)) == NULL) { BIO_printf(bio_err, "invalid engine \"%s\"\n", engine); ERR_print_errors(bio_err); return NULL; @@ -1331,13 +1291,19 @@ ENGINE *setup_engine(const char *engine, int debug) } BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e)); - - /* Free our "structural" reference. */ - ENGINE_free(e); } +#endif return e; } + +void release_engine(ENGINE *e) +{ +#ifndef OPENSSL_NO_ENGINE + if (e != NULL) + /* Free our "structural" reference. */ + ENGINE_free(e); #endif +} static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) { @@ -1346,7 +1312,7 @@ static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) n = a[DB_serial]; while (*n == '0') n++; - return (lh_strhash(n)); + return OPENSSL_LH_strhash(n); } static int index_serial_cmp(const OPENSSL_CSTRING *a, @@ -1366,7 +1332,7 @@ static int index_name_qual(char **a) static unsigned long index_name_hash(const OPENSSL_CSTRING *a) { - return (lh_strhash(a[DB_name])); + return OPENSSL_LH_strhash(a[DB_name]); } int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) @@ -1380,7 +1346,7 @@ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) #undef BSIZE #define BSIZE 256 -BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) +BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) { BIO *in = NULL; BIGNUM *ret = NULL; @@ -1425,7 +1391,7 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) return (ret); } -int save_serial(char *serialfile, char *suffix, BIGNUM *serial, +int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, ASN1_INTEGER **retai) { char buf[1][BSIZE]; @@ -1452,9 +1418,6 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); #endif } -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); -#endif out = BIO_new_file(buf[0], "w"); if (out == NULL) { ERR_print_errors(bio_err); @@ -1478,9 +1441,10 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, return (ret); } -int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) +int rotate_serial(const char *serialfile, const char *new_suffix, + const char *old_suffix) { - char buf[5][BSIZE]; + char buf[2][BSIZE]; int i, j; i = strlen(serialfile) + strlen(old_suffix); @@ -1493,17 +1457,10 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) } #ifndef OPENSSL_SYS_VMS j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); -#else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); -#endif -#ifndef OPENSSL_SYS_VMS j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); #else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); -#endif -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", - serialfile, buf[1]); #endif if (rename(serialfile, buf[1]) < 0 && errno != ENOENT #ifdef ENOTDIR @@ -1515,10 +1472,6 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) perror("reason"); goto err; } -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", - buf[0], serialfile); -#endif if (rename(buf[0], serialfile) < 0) { BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], serialfile); @@ -1559,7 +1512,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) return ret; } -CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) +CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) { CA_DB *retdb = NULL; TXT_DB *tmpdb = NULL; @@ -1594,10 +1547,6 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) if (dbattr_conf) { char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject"); if (p) { -#ifdef RL_DEBUG - BIO_printf(bio_err, - "DEBUG[load_index]: unique_subject = \"%s\"\n", p); -#endif retdb->attributes.unique_subject = parse_yesno(p, 1); } } @@ -1644,21 +1593,12 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db) } #ifndef OPENSSL_SYS_VMS j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); -#else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); -#endif -#ifndef OPENSSL_SYS_VMS j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); -#else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); -#endif -#ifndef OPENSSL_SYS_VMS j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); #else + j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); -#endif -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); #endif out = BIO_new_file(buf[0], "w"); if (out == NULL) { @@ -1672,9 +1612,6 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db) goto err; out = BIO_new_file(buf[1], "w"); -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]); -#endif if (out == NULL) { perror(buf[2]); BIO_printf(bio_err, "unable to open '%s'\n", buf[2]); @@ -1705,31 +1642,16 @@ int rotate_index(const char *dbfile, const char *new_suffix, } #ifndef OPENSSL_SYS_VMS j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); -#else - j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); -#endif -#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); -#else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); -#endif -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); -#else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); -#endif -#ifndef OPENSSL_SYS_VMS j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); -#endif -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); -#else + j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); -#endif -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); + j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); #endif if (rename(dbfile, buf[1]) < 0 && errno != ENOENT #ifdef ENOTDIR @@ -1740,18 +1662,12 @@ int rotate_index(const char *dbfile, const char *new_suffix, perror("reason"); goto err; } -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile); -#endif if (rename(buf[0], dbfile) < 0) { BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile); perror("reason"); rename(buf[1], dbfile); goto err; } -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]); -#endif if (rename(buf[4], buf[3]) < 0 && errno != ENOENT #ifdef ENOTDIR && errno != ENOTDIR @@ -1763,9 +1679,6 @@ int rotate_index(const char *dbfile, const char *new_suffix, rename(buf[1], dbfile); goto err; } -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]); -#endif if (rename(buf[2], buf[4]) < 0) { BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]); perror("reason"); @@ -1900,6 +1813,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) BIO *mem; int len, ret; unsigned char tbuf[1024]; + mem = BIO_new(BIO_s_mem()); if (mem == NULL) return -1; @@ -1909,7 +1823,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) else len = 1024; len = BIO_read(in, tbuf, len); - if (len <= 0) + if (len < 0) { + BIO_free(mem); + return -1; + } + if (len == 0) break; if (BIO_write(mem, tbuf, len) != len) { BIO_free(mem); @@ -1926,7 +1844,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) return ret; } -int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) { int rv; char *stmp, *vtmp = NULL; @@ -1973,239 +1891,16 @@ void policies_print(X509_STORE_CTX *ctx) nodes_print("User", X509_policy_tree_get0_user_policies(tree)); } -#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) - -static JPAKE_CTX *jpake_init(const char *us, const char *them, - const char *secret) -{ - BIGNUM *p = NULL; - BIGNUM *g = NULL; - BIGNUM *q = NULL; - BIGNUM *bnsecret = BN_new(); - JPAKE_CTX *ctx; - - /* Use a safe prime for p (that we found earlier) */ - BN_hex2bn(&p, - "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); - g = BN_new(); - BN_set_word(g, 2); - q = BN_new(); - BN_rshift1(q, p); - - BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret); - - ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret); - BN_free(bnsecret); - BN_free(q); - BN_free(g); - BN_free(p); - - return ctx; -} - -static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p) -{ - BN_print(conn, p->gx); - BIO_puts(conn, "\n"); - BN_print(conn, p->zkpx.gr); - BIO_puts(conn, "\n"); - BN_print(conn, p->zkpx.b); - BIO_puts(conn, "\n"); -} - -static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP1 s1; - - JPAKE_STEP1_init(&s1); - JPAKE_STEP1_generate(&s1, ctx); - jpake_send_part(bconn, &s1.p1); - jpake_send_part(bconn, &s1.p2); - (void)BIO_flush(bconn); - JPAKE_STEP1_release(&s1); -} - -static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP2 s2; - - JPAKE_STEP2_init(&s2); - JPAKE_STEP2_generate(&s2, ctx); - jpake_send_part(bconn, &s2); - (void)BIO_flush(bconn); - JPAKE_STEP2_release(&s2); -} - -static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP3A s3a; - - JPAKE_STEP3A_init(&s3a); - JPAKE_STEP3A_generate(&s3a, ctx); - BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); - (void)BIO_flush(bconn); - JPAKE_STEP3A_release(&s3a); -} - -static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) -{ - JPAKE_STEP3B s3b; - - JPAKE_STEP3B_init(&s3b); - JPAKE_STEP3B_generate(&s3b, ctx); - BIO_write(bconn, s3b.hk, sizeof s3b.hk); - (void)BIO_flush(bconn); - JPAKE_STEP3B_release(&s3b); -} - -static void readbn(BIGNUM **bn, BIO *bconn) -{ - char buf[10240]; - int l; - - l = BIO_gets(bconn, buf, sizeof buf); - assert(l > 0); - assert(buf[l - 1] == '\n'); - buf[l - 1] = '\0'; - BN_hex2bn(bn, buf); -} - -static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn) -{ - readbn(&p->gx, bconn); - readbn(&p->zkpx.gr, bconn); - readbn(&p->zkpx.b, bconn); -} - -static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP1 s1; - - JPAKE_STEP1_init(&s1); - jpake_receive_part(&s1.p1, bconn); - jpake_receive_part(&s1.p2, bconn); - if (!JPAKE_STEP1_process(ctx, &s1)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP1_release(&s1); -} - -static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP2 s2; - - JPAKE_STEP2_init(&s2); - jpake_receive_part(&s2, bconn); - if (!JPAKE_STEP2_process(ctx, &s2)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP2_release(&s2); -} - -static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP3A s3a; - int l; - - JPAKE_STEP3A_init(&s3a); - l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); - assert(l == sizeof s3a.hhk); - if (!JPAKE_STEP3A_process(ctx, &s3a)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP3A_release(&s3a); -} - -static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) -{ - JPAKE_STEP3B s3b; - int l; - - JPAKE_STEP3B_init(&s3b); - l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); - assert(l == sizeof s3b.hk); - if (!JPAKE_STEP3B_process(ctx, &s3b)) { - ERR_print_errors(bio_err); - exit(1); - } - JPAKE_STEP3B_release(&s3b); -} - -void jpake_client_auth(BIO *out, BIO *conn, const char *secret) -{ - JPAKE_CTX *ctx; - BIO *bconn; - - BIO_puts(out, "Authenticating with JPAKE\n"); - - ctx = jpake_init("client", "server", secret); - - bconn = BIO_new(BIO_f_buffer()); - BIO_push(bconn, conn); - - jpake_send_step1(bconn, ctx); - jpake_receive_step1(ctx, bconn); - jpake_send_step2(bconn, ctx); - jpake_receive_step2(ctx, bconn); - jpake_send_step3a(bconn, ctx); - jpake_receive_step3b(ctx, bconn); - - BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - - OPENSSL_free(psk_key); - psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); - - BIO_pop(bconn); - BIO_free(bconn); - - JPAKE_CTX_free(ctx); -} - -void jpake_server_auth(BIO *out, BIO *conn, const char *secret) -{ - JPAKE_CTX *ctx; - BIO *bconn; - - BIO_puts(out, "Authenticating with JPAKE\n"); - - ctx = jpake_init("server", "client", secret); - - bconn = BIO_new(BIO_f_buffer()); - BIO_push(bconn, conn); - - jpake_receive_step1(ctx, bconn); - jpake_send_step1(bconn, ctx); - jpake_receive_step2(ctx, bconn); - jpake_send_step2(bconn, ctx); - jpake_receive_step3a(ctx, bconn); - jpake_send_step3b(bconn, ctx); - - BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - - OPENSSL_free(psk_key); - psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); - - BIO_pop(bconn); - BIO_free(bconn); - - JPAKE_CTX_free(ctx); -} - -#endif - /*- * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. * outlen: (output) set to the length of the resulting buffer on success. * err: (maybe NULL) on failure, an error message line is written to this BIO. - * in: a NUL termianted string like "abc,def,ghi" + * in: a NUL terminated string like "abc,def,ghi" * - * returns: a malloced buffer or NULL on failure. + * returns: a malloc'd buffer or NULL on failure. */ -unsigned char *next_protos_parse(unsigned short *outlen, const char *in) +unsigned char *next_protos_parse(size_t *outlen, const char *in) { size_t len; unsigned char *out; @@ -2272,7 +1967,7 @@ static const char *get_dp_url(DIST_POINT *dp) gen = sk_GENERAL_NAME_value(gens, i); uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { - char *uptr = (char *)ASN1_STRING_data(uri); + const char *uptr = (const char *)ASN1_STRING_get0_data(uri); if (strncmp(uptr, "http://", 7) == 0) return uptr; } @@ -2318,8 +2013,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm) crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); crl = load_crl_crldp(crldp); sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); - if (!crl) + if (!crl) { + sk_X509_CRL_free(crls); return NULL; + } sk_X509_CRL_push(crls, crl); /* Try to download delta CRL */ crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL); @@ -2448,30 +2145,6 @@ double app_tminterval(int stop, int usertime) return (ret); } -#elif defined(OPENSSL_SYS_NETWARE) -# include - -double app_tminterval(int stop, int usertime) -{ - static clock_t tmstart; - static int warning = 1; - double ret = 0; - - if (usertime && warning) { - BIO_printf(bio_err, "To get meaningful results, run " - "this program on idle system.\n"); - warning = 0; - } - - if (stop == TM_START) - tmstart = clock(); - else - ret = (clock() - tmstart) / (double)CLOCKS_PER_SEC; - - return (ret); -} - - #elif defined(OPENSSL_SYSTEM_VXWORKS) # include @@ -2601,45 +2274,6 @@ int app_access(const char* name, int flag) #endif } -int app_hex(char c) -{ - switch (c) { - default: - case '0': - return 0; - case '1': - return 1; - case '2': - return 2; - case '3': - return 3; - case '4': - return 4; - case '5': - return 5; - case '6': - return 6; - case '7': - return 7; - case '8': - return 8; - case '9': - return 9; - case 'a': case 'A': - return 0x0A; - case 'b': case 'B': - return 0x0B; - case 'c': case 'C': - return 0x0C; - case 'd': case 'D': - return 0x0D; - case 'e': case 'E': - return 0x0E; - case 'f': case 'F': - return 0x0F; - } -} - /* app_isdir section */ #ifdef _WIN32 int app_isdir(const char *name) @@ -2694,6 +2328,36 @@ int app_isdir(const char *name) #endif /* raw_read|write section */ +#if defined(__VMS) +# include "vms_term_sock.h" +static int stdin_sock = -1; + +static void close_stdin_sock(void) +{ + TerminalSocket (TERM_SOCK_DELETE, &stdin_sock); +} + +int fileno_stdin(void) +{ + if (stdin_sock == -1) { + TerminalSocket(TERM_SOCK_CREATE, &stdin_sock); + atexit(close_stdin_sock); + } + + return stdin_sock; +} +#else +int fileno_stdin(void) +{ + return fileno(stdin); +} +#endif + +int fileno_stdout(void) +{ + return fileno(stdout); +} + #if defined(_WIN32) && defined(STD_INPUT_HANDLE) int raw_read_stdin(void *buf, int siz) { @@ -2703,10 +2367,17 @@ int raw_read_stdin(void *buf, int siz) else return (-1); } +#elif defined(__VMS) +#include + +int raw_read_stdin(void *buf, int siz) +{ + return recv(fileno_stdin(), buf, siz, 0); +} #else int raw_read_stdin(void *buf, int siz) { - return read(fileno(stdin), buf, siz); + return read(fileno_stdin(), buf, siz); } #endif @@ -2722,7 +2393,7 @@ int raw_write_stdout(const void *buf, int siz) #else int raw_write_stdout(const void *buf, int siz) { - return write(fileno(stdout), buf, siz); + return write(fileno_stdout(), buf, siz); } #endif @@ -2755,9 +2426,34 @@ BIO *dup_bio_out(int format) return b; } +BIO *dup_bio_err(int format) +{ + BIO *b = BIO_new_fp(stderr, + BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); +#ifdef OPENSSL_SYS_VMS + if (istext(format)) + b = BIO_push(BIO_new(BIO_f_linebuffer()), b); +#endif + return b; +} + void unbuffer(FILE *fp) { +/* + * On VMS, setbuf() will only take 32-bit pointers, and a compilation + * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. + * However, we trust that the C RTL will never give us a FILE pointer + * above the first 4 GB of memory, so we simply turn off the warning + * temporarily. + */ +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma environment save +# pragma message disable maylosedata2 +#endif setbuf(fp, NULL); +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma environment restore +#endif } static const char *modestr(char mode, int format) @@ -2817,7 +2513,17 @@ BIO *bio_open_owner(const char *filename, int format, int private) #endif } - fd = open(filename, mode, 0600); +#ifdef OPENSSL_SYS_VMS + /* VMS doesn't have O_BINARY, it just doesn't make sense. But, + * it still needs to know that we're going binary, or fdopen() + * will fail with "invalid argument"... so we tell VMS what the + * context is. + */ + if (!textmode) + fd = open(filename, mode, 0600, "ctx=bin"); + else +#endif + fd = open(filename, mode, 0600); if (fd < 0) goto err; fp = fdopen(fd, modestr('w', format)); @@ -2886,15 +2592,93 @@ BIO *bio_open_default_quiet(const char *filename, char mode, int format) void wait_for_async(SSL *s) { - int width, fd; + /* On Windows select only works for sockets, so we simply don't wait */ +#ifndef OPENSSL_SYS_WINDOWS + int width = 0; fd_set asyncfds; + OSSL_ASYNC_FD *fds; + size_t numfds; - fd = SSL_get_async_wait_fd(s); - if (fd < 0) + if (!SSL_get_all_async_fds(s, NULL, &numfds)) + return; + if (numfds == 0) return; + fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds"); + if (!SSL_get_all_async_fds(s, fds, &numfds)) { + OPENSSL_free(fds); + } - width = fd + 1; FD_ZERO(&asyncfds); - openssl_fdset(fd, &asyncfds); + while (numfds > 0) { + if (width <= (int)*fds) + width = (int)*fds + 1; + openssl_fdset((int)*fds, &asyncfds); + numfds--; + fds++; + } select(width, (void *)&asyncfds, NULL, NULL, NULL); +#endif +} + +/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */ +#if defined(OPENSSL_SYS_MSDOS) +int has_stdin_waiting(void) +{ +# if defined(OPENSSL_SYS_WINDOWS) + HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE); + DWORD events = 0; + INPUT_RECORD inputrec; + DWORD insize = 1; + BOOL peeked; + + if (inhand == INVALID_HANDLE_VALUE) { + return 0; + } + + peeked = PeekConsoleInput(inhand, &inputrec, insize, &events); + if (!peeked) { + /* Probably redirected input? _kbhit() does not work in this case */ + if (!feof(stdin)) { + return 1; + } + return 0; + } +# endif + return _kbhit(); +} +#endif + +/* Corrupt a signature by modifying final byte */ +void corrupt_signature(const ASN1_STRING *signature) +{ + unsigned char *s = signature->data; + s[signature->length - 1] ^= 0x1; +} + +int set_cert_times(X509 *x, const char *startdate, const char *enddate, + int days) +{ + if (startdate == NULL || strcmp(startdate, "today") == 0) { + if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL) + return 0; + } else { + if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate)) + return 0; + } + if (enddate == NULL) { + if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL) + == NULL) + return 0; + } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) { + return 0; + } + return 1; +} + +void make_uppercase(char *string) +{ + int i; + + for (i = 0; string[i] != '\0'; i++) + string[i] = toupper((unsigned char)string[i]); }